Hosting Controller addsubsite_online.asp Remote Privilege Escalation

2005-07-11T05:45:31
ID OSVDB:17899
Type osvdb
Reporter KeHieuHoc (kehieuhoc@yahoo.com)
Modified 2005-07-11T05:45:31

Description

Vulnerability Description

Hosting Controller contains a flaw that may allow a remote attacker to gain unauthorized privileges. With a specially crafted request to the 'addsubsite_online.asp' script, an authenticated remote attacker can create arbitrary privileged accounts, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Advanced Communications has released a patch to address this vulnerability.

References:

Vendor URL: http://hostingcontroller.com
Security Tracker: 1014446
Secunia Advisory ID: 15975
Related OSVDB ID: 17900
Related OSVDB ID: 17902
Related OSVDB ID: 17905
Related OSVDB ID: 17903
Related OSVDB ID: 17904
Related OSVDB ID: 17901
Nessus Plugin ID: 19194
ISS X-Force ID: 21401
Bugtraq ID: 14283